Is it possible to add custom HTTP headers?

0
Hi community, A security firm had conducted a penetration test on our application. They advised us to set the Content-Security-Policy (CSP) HTTP header to control (white-list) the externally loaded resources like script, fonts, style, etc. Is it possible to add custom HTTP headers in serving Mendix container? Kind regards, Johan ___ I requested this feature in an idea: https://forum.mendix.com/link/ideas/273
asked
3 answers
1

We had similar advise from a security firm, and sent a request to mendix for implementing the header. I don't think it is currently possible to add your own headers in mendix. 

answered
0

Hi,

We have recently added the possibility to add customer headers in Cloud v4. See paragraph 4.2 of https://docs.mendix.com/developerportal/deploy/environments-details.

Kind regards,

Tom de Groot

Product Manager Mendix Cloud

answered
0

He Tom, 

Long time no see ;). Question: when updating these headers with the Content-Security-Policy and restarting the application. The current value has been filled with my new Content-Security-Policy line. However when I check via inspector if my new custom Content-Security-Policy has been applied, I still see the old one. 

The real question is: how long does it take after restart to update the headers to be applied with the set values in Sprintr?

answered